Merge branch '8524-ds-configure-reqs-file' into 'master'

Add new dep scanning var for python requirements

Closes #8524

See merge request gitlab-org/gitlab!21219

changelogs/unreleased/8524-add-ds-var.yml

+---
+title: Add dependency scanning flag for specifying pip requirements file for scanning.
+merge_request: 21219
+author:
+type: added

doc/user/application_security/dependency_scanning/index.md

@@ -143,6 +143,7 @@ using environment variables.
 | `DS_RUN_ANALYZER_TIMEOUT`               | Time limit when running an analyzer. Timeouts are parsed using Go's [`ParseDuration`](https://golang.org/pkg/time/#ParseDuration). Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. For example, `300ms`, `1.5h`, or `2h45m`. |
 | `PIP_INDEX_URL`                         | Base URL of Python Package Index (default `https://pypi.org/simple`). |
 | `PIP_EXTRA_INDEX_URL`                   | Array of [extra URLs](https://pip.pypa.io/en/stable/reference/pip_install/#cmdoption-extra-index-url) of package indexes to use in addition to `PIP_INDEX_URL`. Comma separated. |
+| `PIP_REQUIREMENTS_FILE`                 | Pip requirements file to be scanned. |
 | `MAVEN_CLI_OPTS`                        | List of command line arguments that will be passed to the maven analyzer during the project's build phase (see example for [using private repos](#using-private-maven-repos)). |
 | `BUNDLER_AUDIT_UPDATE_DISABLED`         | Disable automatic updates for the `bundler-audit` analyzer (default: `"false"`). Useful if you're running Dependency Scanning in an offline, air-gapped environment.|
 

lib/gitlab/ci/templates/Security/Dependency-Scanning.gitlab-ci.yml

@@ -50,6 +50,7 @@ dependency_scanning:
           DS_PIP_DEPENDENCY_PATH \
           PIP_INDEX_URL \
           PIP_EXTRA_INDEX_URL \
+          PIP_REQUIREMENTS_FILE \
           MAVEN_CLI_OPTS \
           BUNDLER_AUDIT_UPDATE_DISABLED \
         ) \